[jira] [Created] (GROOVY-9049) EncodingGroovyMethods.digest() truncates hashes over 128 bits starting with 0's

["Staffan Forsell (JIRA)" <ji...@apache.org>]

Staffan Forsell created GROOVY-9049:
---------------------------------------

             Summary: EncodingGroovyMethods.digest() truncates hashes over 128 bits starting with 0's
                 Key: GROOVY-9049
                 URL: https://issues.apache.org/jira/browse/GROOVY-9049
             Project: Groovy
          Issue Type: Bug
          Components: groovy-runtime
    Affects Versions: 2.5.4, 3.x, 2.5.x
            Reporter: Staffan Forsell


The extension method org.codehaus.groovy.runtime.EncodingGroovyMethods#digest(byte[], java.lang.String) produces erroneous hashes for all hash functions not having 128-bits length when the resulting hash starts with 0.

This is due to padding the resulting string with zeroes to 32 chars length. 32 chars are only valid for 128 bit hash functions like md5. The padding should applied differently depending on the length of the digest returned.

Of the MessageDigest built-in hash functions this affects SHA-1 and SHA-256 at least. 

Solution would be to use *[getDigestLength|https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html#getDigestLength()]*() or the length of the returned digest and add some proper unit tests. 

 

Example of erroneous hashes:
{code:java}
(1..100).each {
  def sha1 =  it.toString().digest("SHA-1")
  if (sha1.size() != 40) {
    println "String '$it' length: ${sha1.size()} sha1: $sha1"
  }
}
{code}
Which produces:
{noformat}
String '9' length: 39 sha1: ade7c2cf97f75d009975f4d720d1fa6c19f4897
String '17' length: 39 sha1: 716d9708d321ffb6a00818614779e779925365c
String '28' length: 39 sha1: a57cb53ba59c46fc4b692527a38a87c78d84028
String '43' length: 39 sha1: 286dd552c9bea9a69ecb3759e7b94777635514b
String '93' length: 39 sha1: 8a35293e09f508494096c1c1b3819edb9df50db
{noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)